Is it possible to bypass LACP in CheckPoint with Bridge mode?

Dear All,

For some reasons, we need to have the design below:

Both Cisco switches have the LACP group 3 mode active for Port7 and Port8.

And we have two A-A cluster CPs in bridge mode [P1 and P2] trying to scan the LACP traffic.

We just found that both Cisco switches cannot form the LACP now. Any advice?

Without the CPs, if both Cisco switches are directly connected [7<->7, 8<->8], the LACP works again.

[Image: Question.JPG]

SW1:

[Image: Question1.JPG]

SW2:

[Image: Question2.JPG]

0 Kudos
3 Replies

I don't think this is possible as LACP is negotiated by bridge/switch ports in a point to point fashion; you can't pass LACP generated by a switch port through a second switch/bridge to yet another port on a third switch, at least to my knowledge.  You'll need to set up LACP on the Gaia interfaces as well to make this work.

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
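
Background to the point-to-point behaviour discussed above, as an added example that is not part of any post in this thread: LACPDUs are addressed to the Slow Protocols multicast MAC 01-80-C2-00-00-02, which lies in the reserved range that an IEEE 802.1D-compliant bridge does not relay. The frame bytes, MAC addresses, key and port values below are constructed for illustration, and the parser reads only the actor TLV.

```python
import struct

SLOW_PROTOCOLS_ETHERTYPE = 0x8809   # IEEE 802.3 Slow Protocols
LACP_SUBTYPE = 0x01
RESERVED_PREFIX = bytes.fromhex("0180c20000")  # 01-80-C2-00-00-0X block
STATE_BITS = ("activity", "timeout", "aggregation", "synchronization",
              "collecting", "distributing", "defaulted", "expired")

def bridge_filters(dst: bytes) -> bool:
    """True if dst is in 01-80-C2-00-00-00..0F, which an IEEE 802.1D
    bridge does not forward to its other ports."""
    return dst[:5] == RESERVED_PREFIX and dst[5] <= 0x0F

def parse_lacpdu(frame: bytes):
    """Return the actor fields of an untagged LACPDU, or None."""
    if len(frame) < 33:
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != SLOW_PROTOCOLS_ETHERTYPE or frame[14] != LACP_SUBTYPE:
        return None
    if frame[16] != 0x01 or frame[17] != 20:   # actor TLV: type 1, length 20
        return None
    prio, system, key, _pprio, port, state = struct.unpack("!H6sHHHB", frame[18:33])
    return {
        "dst": dst.hex(":"),
        "filtered_by_bridge": bridge_filters(dst),
        "actor_system": system.hex(":"),
        "actor_key": key,
        "actor_port": port,
        "flags": [n for i, n in enumerate(STATE_BITS) if state >> i & 1],
    }

# Constructed sample (not captured traffic): an active-mode port that has not
# yet heard from a partner. MACs, key 3 and port 7 are made-up values.
SAMPLE = bytes.fromhex(
    "0180c2000002" "020000000007" "8809"   # dst, src, ethertype
    "01" "01"                              # subtype LACP, version 1
    "01" "14" "8000" "020000000001"        # actor TLV, system priority, system ID
    "0003" "8000" "0007" "45" "000000"     # key, port priority, port, state, reserved
).ljust(124, b"\x00")                      # remaining TLVs zero-filled here

if __name__ == "__main__":
    print(parse_lacpdu(SAMPLE))
```

A port that keeps sending PDUs with `defaulted` set is using default partner information because it has not received an LACPDU from a partner, which is the state to expect on both switches when a device between them does not relay these frames.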

Well, I tried to set up Bonds on my two CPs.
Let's say Bond1 and Bond2 are configured as a bridge.
Bond1 and Bond2 include P1 and P2 respectively.

I can then bring the LACP up with failover, but only on the wire connected to the Master Unit CP1, so there is no Load Balancing.

I would appreciate it if I could bring the LACP up on the slave CP unit's line also.
0 Kudos

Might I know if CP has a command like "set l2forward enable" on Fortigate?
0 Kudos